Release Fleet #375
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Release Fleet | |
on: | |
workflow_dispatch: | |
inputs: | |
target_repo: | |
description: 'Target repository to build a PR against' | |
required: true | |
default: 'elastic/integrations' | |
target_branch: | |
description: 'Target branch for PR base' | |
required: true | |
default: 'main' | |
draft: | |
type: choice | |
description: 'Create a PR as draft' | |
required: false | |
options: | |
- "yes" | |
- "no" | |
package_maturity: | |
type: choice | |
description: 'Package Maturity' | |
required: true | |
options: | |
- "ga" | |
- "beta" | |
new_package: | |
type: choice | |
description: 'New Package' | |
required: true | |
default: "true" | |
options: | |
- "true" | |
- "false" | |
jobs: | |
fleet-pr: | |
name: Build package and create PR to integrations | |
runs-on: ubuntu-latest | |
steps: | |
- name: Validate the source branch | |
uses: actions/github-script@v3 | |
with: | |
script: | | |
if ('refs/heads/main' === '${{github.ref}}') { | |
core.setFailed('Forbidden branch') | |
} | |
- name: Checkout detection-rules | |
uses: actions/checkout@v3 | |
with: | |
path: detection-rules | |
fetch-depth: 0 | |
- name: Extract version lock commit hash | |
run: | | |
cd detection-rules | |
COMMIT_HASH=$(git log --grep='Lock versions for releases' -1 --format='%H') | |
echo "COMMIT_HASH=$COMMIT_HASH" >> $GITHUB_ENV | |
echo "Extracted commit hash: $COMMIT_HASH" | |
- name: Checkout commit hash | |
run: | | |
cd detection-rules | |
echo "Current branch is $GITHUB_REF" | |
echo "Checking out commit hash $COMMIT_HASH" | |
git checkout $COMMIT_HASH | |
- name: Checkout elastic/integrations | |
uses: actions/checkout@v3 | |
with: | |
token: ${{ secrets.READ_WRITE_RELEASE_FLEET }} | |
repository: ${{github.event.inputs.target_repo}} | |
path: integrations | |
fetch-depth: 0 | |
- name: Set up Python 3.12 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.12' | |
- name: Install Python dependencies | |
run: | | |
cd detection-rules | |
python -m pip install --upgrade pip | |
pip cache purge | |
pip install .[dev] | |
- name: Bump prebuilt rules package version | |
env: | |
PACKAGE_MATURITY: "${{github.event.inputs.package_maturity}}" | |
NEW_PACKAGE: "${{github.event.inputs.new_package}}" | |
run: | | |
cd detection-rules | |
python -m detection_rules dev bump-pkg-versions \ | |
--patch-release \ | |
--new-package $NEW_PACKAGE \ | |
--maturity $PACKAGE_MATURITY | |
- name: Store release tag | |
if: github.event.inputs.package_maturity == 'ga' | |
run: | | |
cd detection-rules | |
output=$(cat detection_rules/etc/packages.yaml | grep -oP '(?<=\sversion: )\S+') | |
echo "pkg_version=$output" >> $GITHUB_ENV | |
- name: Create release tag | |
if: github.event.inputs.package_maturity == 'ga' | |
run: | | |
cd detection-rules | |
RELEASE_TAG="integration-v${{ env.pkg_version }}" | |
echo "Creating release tag: $RELEASE_TAG" | |
git tag $RELEASE_TAG | |
git push origin $RELEASE_TAG | |
- name: Build release package | |
run: | | |
cd detection-rules | |
python -m detection_rules dev build-release | |
- name: Set github config | |
run: | | |
git config --global user.email "[email protected]" | |
git config --global user.name "protectionsmachine" | |
- name: Setup go | |
uses: actions/setup-go@v3 | |
with: | |
go-version: '^1.20.1' | |
check-latest: true | |
- name: Build elastic-package | |
run: | | |
go install github.com/elastic/elastic-package@latest | |
- name: Create the PR to Integrations | |
env: | |
DRAFT_ARGS: "${{startsWith(github.event.inputs.draft,'y') && '--draft' || ' '}}" | |
TARGET_REPO: "${{github.event.inputs.target_repo}}" | |
TARGET_BRANCH: "${{github.event.inputs.target_branch}}" | |
LOCAL_REPO: "../integrations" | |
GITHUB_TOKEN: "${{ secrets.READ_WRITE_RELEASE_FLEET }}" | |
run: | | |
cd detection-rules | |
python -m detection_rules dev integrations-pr \ | |
$LOCAL_REPO \ | |
--github-repo $TARGET_REPO \ | |
--base-branch $TARGET_BRANCH \ | |
--assign ${{github.actor}} \ | |
$DRAFT_ARGS | |
- name: Archive production artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: release-files | |
path: | | |
detection-rules/releases |